This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Your custom filters are only invoked if the <http> element is matched. So for the first FORM_LOGIN_FILTER it must match /secure/extreme/ before the Fitler will even be considered. Then assuming authenticationFilterVIP does some sort of request matching it must match as well. If this confuses you there is a more in depth explanation in the Spring Security Fundamentals presentation